Problems with pppd from TCP/IP V5.0A

QNX USERS QNX2 and QNX4
1

I can connect to the machine ONLY IF the auth AND +pap AND +chap are omitted in all of the options files.
The connection is refused with any of those authentication options enabled.
If I run pppd from the command line - it says that it cannot find the secrets needed.
I cannot make pppd to print it’s debug messages no matter where I put the debug keyword: /etc/ppp/options or /etc/ppp/options.ser1

With tcp/ip v4.25D + tcp/ip security patch + tcp/ip security patch A everything works OK.

QNX v4.25G
The Security patch is installed:
/bin/login 24060 26Apr2000
/bin/passwd 29880 26Apr2000
/bin/su 26613 23May2000

/usr/photon/v1.14/bin/phlogin 247208 01Jun2000

/usr/lib/unix3r.lib 15Jun2000
/usr/lib/unix3s.lib 15Jun2000

That’s why I’m pretty sure the security patch is in place.

My /etc/tinit.conf is:
-t /dev/con1 -T /dev/con2
-c “modem -T pppd” -T /dev/ser1

My /etc/ppp/options is:
debug
auth
192.168.255.2:

My /etc/ppp/options.ser1 is:
:192.168.255.254
defaultroute
proxyarp

My /etc/ppp/pap-secrets and /etc/ppp/chap-secrets are:
ftp my_host_name anonimous
admin my_host_name admin

/usr/bin/syslogd is running and has this /etc/syslog.conf:

/tmp/log/syslog must exist!

. /tmp/log/syslog

The file /tmp/log/syslog really exists and has some records from other utilityes in it.

Please help!
Tony.

2

The easier half of the riddle is solved.

pppd was not writing it’s debug messages in the /tmp/log/syslog because the /usr/bin/syslogd was started before the /usr/ucb/Tcpip and en1 configuration.

After rectifying this issue I see pppd’s messages in the syslog.

If I omit all authentication options - pppd warns me about “world and/or group writability” of /etc/ppp/pap-secrets. It is (pap-secrets) endeed cmod 666, as well as chap-secrets, but pppd does not warn me about chap-secrets’ excessive file permissions.

When I make /etc/ppp/pap-secrets owned by root, group root, chmod 600 - (still omitting auth options) - the warning does not appear in the syslog.

This, I think, shows that pppd does see the file, pap-secrets at least.

Why cannot it find the secrets when auth is required?

Tony.

PS Please comment, ASAP!

3

More tests…

Only if I put both “auth” and “login” options in /etc/ppp/options file - pppd attempts to authenticate the caller.

Authentication allways fails, no matter what I put as a secret for a given login name. It fails even if “” is set as the secret. (By the way, it is not 100% clear what it is - either “” or " " in the documentation)

I tryed to make an account for “guest” with password == guest. Does not help.
I tryed to copy it’s hashed password from /etc/shadow into pap-secrets file as the secret. Does not help either.

I did not try to use @ symbol in the secret field of the pap-secrets to point to the external file with the secret yet.

Tony.

4

No matter what I do I have the same report:

Apr 22 22:18:31 sauron syslogd: restart
Apr 22 22:21:36 localhost pppd[364]: Could not set session: Operation not permitted
Apr 22 22:21:36 localhost pppd[364]: pppd 2.3.5 started by System, uid 0
Apr 22 22:21:36 localhost pppd[364]: Using interface vp0
Apr 22 22:21:36 localhost pppd[364]: Connect: vp0 <–> //2/dev/ser1
Apr 22 22:21:36 localhost pppd[364]: sent [LCP ConfReq id=0x1 <magic 0x866a235a>
]
Apr 22 22:21:36 localhost pppd[364]: rcvd [LCP ConfReq id=0x2 <asyncmap 0xa0000> <magic 0xc7d109e>
<callback 0x600>]
Apr 22 22:21:36 localhost pppd[364]: sent [LCP ConfRej id=0x2 <callback 0x623>]
Apr 22 22:21:36 localhost pppd[364]: rcvd [LCP ConfAck id=0x1 <magic 0x866a235a>
]
Apr 22 22:21:36 localhost pppd[364]: rcvd [LCP ConfReq id=0x3 <asyncmap 0xa0000> <magic 0xc7d109e>
]
Apr 22 22:21:36 localhost pppd[364]: sent [LCP ConfAck id=0x3 <asyncmap 0xa0000> <magic 0xc7d109e>
]
Apr 22 22:21:36 localhost pppd[364]: rcvd [PAP AuthReq id=0x1 user=“guest” password=“guest”]
Apr 22 22:21:36 localhost pppd[364]: PAP authentication failure for guest
Apr 22 22:21:36 localhost pppd[364]: sent [PAP AuthNak id=0x1 “Login incorrect”]
Apr 22 22:21:36 localhost pppd[364]: sent [LCP TermReq id=0x2 “Authentication failed”]
Apr 22 22:21:36 localhost pppd[364]: rcvd [LCP TermAck id=0x2]
Apr 22 22:21:36 localhost pppd[364]: Connection terminated.
Apr 22 22:21:37 localhost pppd[364]: Exit.

I’ve tryed to make /etc/ppp/pap-secrets to look like this:
guest * “”

Even this fails!

I’ve tryed to use pppd v2.3.0 from tcpip v4.25D security patch A it does not even start under Tcpip v5.0A

Currently my /etc/ppp/opions is:
debug
192.168.255.2:
auth
login

I’m desperate!
Please comment.

Tony.

5

has there been any resolution to this problem We are having the exact same issue and are desparate too!

6

I’m still trying to get in touch with X.Tang and W.Zhang (at QSSL) to have their oppinion on this issue.

7

I’ve got in touch with the QSSL’s stuff regarding this issue.

The reason for pppd v2.3.5 to deny the authentication requests is that the fourth field in the /etc/ppp/[ch|p]ap-secrets is no longer optional.
There SHOULD be a valid client’s IP (or a hostname).

Tony.